epolite - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

package.json

@@ -15,3 +15,3 @@ {
   },
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "A public-private key library for post-quantum cryptography (early stage, use with caution)",
@@ -26,3 +26,7 @@ "bugs": {
     "url": "https://github.com/alexanderepolite/epolite"
+  },
+  "author": {
+    "name": "Alexander Epolite",
+    "email": "alexander@epolite.net"
   }
 }

README.md

@@ -1,15 +0,88 @@
-# epolite
+# EPOLITE
 
-To install dependencies:
+### Efficient Post-Quantum Optimized Lattice-based Implementation of Trusted Encryption
 
-```bash
-bun install
+## GPG-Like Post Quantum Encryption
+This library contains a public/private keypair system which can be used for post-quantum encryption between users.
+
+### Standards used
+1. FALCON-512 is used for signing messages, to be used prior to encryption.
+2. Kyber-512 is used for encrypting messages (was Kyber-1024), to be used to encrypt messages using AES.
+
+Kyber 1024 *was* used; however, it was changed to 512 do to the unreasonable size of messages, upwards of 200 KB for a single byte message, scaling at O(n).
+
+In the future, this may be updated to include other PQ encryption standards; however, these are the ones I chose for now.
+
+### Disclaimers
+1. This library, while functional, has not been audited, either by me or anyone else.
+2. The returned encrypted messages are **_MASSIVE_**.  You can expect a 4 KB encrypted message from a 10 byte input, and at least 5x when the input is signed.
+3. I cannot guarantee any encryption libraries used in this library to be vulnerability or exploit free.  While they are approved by the NIST, I personally do not fully endorse them due to how new these standards are.
+4. This library uses crypto subtle, and was designed specifically for browser use.
+
+## Using this library
+This library is specifically built for the [Bun Runtime](https://bun.sh).  Please install that and replace Node.JS with this runtime, as it is much faster.
+
+Afterwards, run `bun add epolite` to install this package, and then use the documentation below.
+
+
+### Examples
+#### Create Keypair
+```ts
+import {createKeyPair, type KeyPair} from "epolite";
+
+//returns an object containing {publicKey: string, privateKey: string}
+const kp: KeyPair = await createKeyPair();
+
+console.log(kp.publicKey, kp.privateKey);
 ```
 
-To run:
 
-```bash
-bun run src/index.ts
+#### Encrypt
+```ts
+import {encrypt} from "epolite";
+
+//publicKey is a string, starting with "----------BEGIN EPOLITE PUBLIC KEY----------"
+//returns a base64 encoded string of the encrypted message
+const encryptedString: string = await encrypt("deadbeef", publicKey);
+
+console.log("Very, very long encrypted string:", encryptedString);
 ```
 
-This project was created using `bun init` in bun v1.1.29. [Bun](https://bun.sh) is a fast all-in-one JavaScript runtime.
+#### Decrypt
+```ts
+import {decrypt} from "epolite";
+
+//returns the decrypted message as a string
+const decryptedString: string = await decrypt(encryptedString, privateKey);
+
+console.log("Decrypted message:", decryptedString);
+```
+
+#### Signing
+```ts
+import {sign} from "epolite";
+
+//returns a base64 encoded string (signatures aren't too big).
+const signedMessage: string = await sign("I do not like pineapple pizza", privateKey);
+
+console.log("Signed message:", signedMessage);
+```
+
+#### Verifying
+```ts
+import {verify} from "epolite";
+
+const realMessage: string = "I do not like pineapple pizza";
+const fakeMessage: string = "I LOVE pineapple on pizza";
+
+const verified: boolean = await verify(realMessage, signedMessage, publicKey); //true
+const notVerified: boolean = await verify(fakeMessage, signedMessage, publicKey); //false
+```
+
+### More examples
+
+You can find an example in `src/test.ts`.
+
+
+## Contributing
+Since this is for my own project, I likely not be merging or reviewing pull requests.

src/index.ts

@@ -6,9 +6,14 @@
 
-import { ml_kem1024 } from '@noble/post-quantum/ml-kem';
+import { ml_kem512 } from '@noble/post-quantum/ml-kem';
 import signBuilder from '@dashlane/pqc-sign-falcon-512-node';
 
-const KYBER_PUBLIC_KEY_LABEL = '----------BEGIN EPOLITE PUBLIC KEY----------';
-const KYBER_PRIVATE_KEY_LABEL = '----------BEGIN EPOLITE PRIVATE KEY----------';
+const EPOLITE_PUBLIC_KEY_LABEL = '----------BEGIN EPOLITE PUBLIC KEY----------';
+const EPOLITE_PRIVATE_KEY_LABEL = '----------BEGIN EPOLITE PRIVATE KEY----------';
 const KEY_END_LABEL = '----------END EPOLITE KEY----------';
 
+export type KeyPair = {
+    publicKey: string,
+    privateKey: string,
+};
+
 /**
@@ -19,5 +24,5 @@ * Generates a combined key pair for Kyber and Falcon.
  */
-export async function createKeyPair(): Promise<{ publicKey: string; privateKey: string }> {
+export async function createKeyPair(): Promise<KeyPair> {
     // Generate Kyber key pair
-    const kyberKeyPair = ml_kem1024.keygen();
+    const kyberKeyPair = ml_kem512.keygen();
 
@@ -42,7 +47,7 @@ // Initialize Falcon signing
     // Serialize and encode keys
-    const publicKeyString = `${KYBER_PUBLIC_KEY_LABEL}\n${Buffer.from(
+    const publicKeyString = `${EPOLITE_PUBLIC_KEY_LABEL}\n${Buffer.from(
         JSON.stringify(publicKeyObj)
     ).toString('base64')}\n${KEY_END_LABEL}`;
 
-    const privateKeyString = `${KYBER_PRIVATE_KEY_LABEL}\n${Buffer.from(
+    const privateKeyString = `${EPOLITE_PRIVATE_KEY_LABEL}\n${Buffer.from(
         JSON.stringify(privateKeyObj)
@@ -68,3 +73,3 @@ ).toString('base64')}\n${KEY_END_LABEL}`;
     const publicKeyEncoded = otherPublicKey
-        .replace(KYBER_PUBLIC_KEY_LABEL, '')
+        .replace(EPOLITE_PUBLIC_KEY_LABEL, '')
         .replace(KEY_END_LABEL, '')
@@ -76,3 +81,3 @@ .trim();
     // Encapsulate shared secret using Kyber
-    const aliceMeta = ml_kem1024.encapsulate(kyberPublicKey);
+    const aliceMeta = ml_kem512.encapsulate(kyberPublicKey);
     const sharedSecret = aliceMeta.sharedSecret;
@@ -126,3 +131,3 @@
     const privateKeyEncoded = privateKey
-        .replace(KYBER_PRIVATE_KEY_LABEL, '')
+        .replace(EPOLITE_PRIVATE_KEY_LABEL, '')
         .replace(KEY_END_LABEL, '')
@@ -134,3 +139,3 @@ .trim();
     // Decapsulate shared secret using Kyber
-    const sharedSecret = ml_kem1024.decapsulate(cipherText, kyberPrivateKey);
+    const sharedSecret = ml_kem512.decapsulate(cipherText, kyberPrivateKey);
     
@@ -170,3 +175,3 @@ // Import the shared secret as a CryptoKey
     const privateKeyEncoded = privateKey
-        .replace(KYBER_PRIVATE_KEY_LABEL, '')
+        .replace(EPOLITE_PRIVATE_KEY_LABEL, '')
         .replace(KEY_END_LABEL, '')
@@ -199,3 +204,3 @@ .trim();
     const publicKeyEncoded = publicKey
-        .replace(KYBER_PUBLIC_KEY_LABEL, '')
+        .replace(EPOLITE_PUBLIC_KEY_LABEL, '')
         .replace(KEY_END_LABEL, '')
@@ -202,0 +207,0 @@ .trim();

src/test.ts

@@ -6,3 +6,3 @@ import { createKeyPair, decrypt, encrypt, sign, verify } from ".";
 
-const message = 'Hello, Bob! This is Alice.';
+const message = "Cool beans";
 
@@ -25,1 +25,3 @@ //step 1: Alice signs the message
 console.log('Signature valid:', isValid);          // Should output true if the signature is valid
+
+console.log(`sig: ${signature}`)

Fixed alerts

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No License Found

License

(Experimental) License information could not be found.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

16837

increased by22.68%

Number of low license alerts

0

decreased by-100%

Lines of code

216

increased by1.89%

Number of low maintenance alerts

0

decreased by-100%

Number of lines in readme file

88

increased by450%

No dependency changes